Puppet contains a flaw that is triggered during the negotiation of a connection between a client and a master, which may allow the client to downgrade the master's SSL protocol to SSLv2. This may allow a remote attacker to more easily compromise encrypted traffic.